3 files changed, 9 insertions, 9 deletions

diff --git a/source3/web/cgi.c b/source3/web/cgi.c
index a1aa4d753d..5958b0a419 100644
--- a/source3/web/cgi.c
+++ b/source3/web/cgi.c
@@ -296,17 +296,17 @@ char *quotedup(char *s)
 	for (i=0;i<len;i++) {
 		switch (s[i]) {
 		case '<':
-			strcpy(d, "&lt;");
+			safe_strcpy(d, "&lt;", len + n*6 - (d - ret));
 			d += 4;
 			break;
 
 		case '>':
-			strcpy(d, "&gt;");
+			safe_strcpy(d, "&gt;", len + n*6 - (d - ret));
 			d += 4;
 			break;
 
 		case '&':
-			strcpy(d, "&amp;");
+			safe_strcpy(d, "&amp;", len + n*6 - (d - ret));
 			d += 5;
 			break;
 
@@ -347,7 +347,7 @@ char *urlquote(char *s)
 
 	for (i=0;i<len;i++) {
 		if (strchr(qlist,s[i])) {
-			sprintf(d, "%%%02X", (int)s[i]);
+			slprintf(d, len + n*2 - (d - ret), "%%%02X", (int)s[i]);
 			d += 3;
 		} else {
 			*d++ = s[i];
@@ -387,7 +387,7 @@ char *quotequotes(char *s)
 	for (i=0;i<len;i++) {
 		switch (s[i]) {
 		case '"':
-			strcpy(d, "&quot;");
+			safe_strcpy(d, "&quot;", len + n*6 - (d - ret));
 			d += 6;
 			break;
 
diff --git a/source3/web/startstop.c b/source3/web/startstop.c
index 7ac66f2180..63e5afead2 100644
--- a/source3/web/startstop.c
+++ b/source3/web/startstop.c
@@ -37,7 +37,7 @@ void start_smbd(void)
 		return;
 	}
 
-	sprintf(binfile,"%s/smbd", SBINDIR);
+	slprintf(binfile, sizeof(pstring) - 1, "%s/smbd", SBINDIR);
 
 	become_daemon();
 
@@ -58,7 +58,7 @@ void start_nmbd(void)
 		return;
 	}
 
-	sprintf(binfile,"%s/nmbd", SBINDIR);
+	slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", SBINDIR);
 	
 	become_daemon();
 
diff --git a/source3/web/statuspage.c b/source3/web/statuspage.c
index 9bcc99a6af..184f7e1f73 100644
--- a/source3/web/statuspage.c
+++ b/source3/web/statuspage.c
@@ -121,7 +121,7 @@ void status_page(void)
 	pstrcpy(fname,lp_lockdir());
 	standard_sub_basic(fname);
 	trim_string(fname,"","/");
-	strcat(fname,"/STATUS..LCK");
+	pstrcat(fname,"/STATUS..LCK");
 
 
 	f = fopen(fname,"r");
@@ -131,7 +131,7 @@ void status_page(void)
 			if (crec.magic == 0x280267 && crec.cnum == -1 &&
 			    process_exists(crec.pid)) {
 				char buf[30];
-				sprintf(buf,"kill_%d", crec.pid);
+				slprintf(buf,sizeof(buf)-1,"kill_%d", crec.pid);
 				if (cgi_variable(buf)) {
 					kill_pid(crec.pid);
 				}